Thursday, March 08, 2007

CA and BEA IAM partnership half assed

CA and BEA have announced a strategic partnership to integrate CA's Identity and Access Management suite with BEA's WebLogic and AquaLogic products. You may have noticed I called this a "half assed" step. In other words, I don't think it'll be particularly successful. Let's analyse it shall we...

First of all, each has a product that competes with the other in the security and identity space. CA has its Embedded Entitlements Manager while BEA has its AquaLogic Enterprise Security product (don't get me started on what a stupid, generic name this is - did they seriously pay someone to think up the name? I hope not!). What's a customer to do? Pick one over the other? I want to be a fly on the wall when BEA and CA go to a customer pitching the combined solution and the customer asks about entitlement management (just another name for authorisation management - see my thoughts on this here) and what product they should use to fit in well with the proposed, combined, "nicely integrated" CA/BEA solution. Is each side going to stab the other in the back and tell the customer in side conversations why they should go with CA? Or BEA? Not a good look guys...especially when trying to present a unified front.

Secondly, this statement from the press release is just stupid:
"CA will include WebLogic Server Premium Edition evaluation license with CA Identity Manager as the application server of choice for CA IAM technology."

If you want someone to use your solution, give them a full version. Evaluation licenses suck. And when you give out an evaluation license when trying to get someone to use it, that's just stupid. So maybe BEA doesn't want people using the WebLogic server without paying for it. Here's the solution. Limit it for use with CA Identity Manager and CA Access Manager. If they want to extend the use of the WebLogic server, then they can pay for the right to do so. Here's what's going to happen if you stick to this limitation:
Customer: I want to buy CA Identity Manager and CA Access Manager based on that quote you gave me.
CA Sales Rep: Cool. Thanks very much. Now, our strategic partnership with BEA means that our products work best with WebLogic and it will be best for you to use it.
Customer: Ok. So I can just run this on WebLogic when I deploy it right? No strings attached.
CA Sales Rep: Actually, you get an evaluation license so you can probably run it in development and when you decide to move forward into production, you'll need the full license.
Customer: What do you mean full licence?
CA Sales Rep: You'll need to purchase it from BEA.
Customer: Isn't that included in the quote you gave me?
CA Sales Rep: No. You'll need to talk to BEA about that.
Customer: Why didn't you include it in the quote?
CA Sales Rep: We wanted to keep your costs down and give you a choice of application servers...but I'm just telling you it works best with WebLogic.
Customer: Ok, what if I don't have the budget to buy WebLogic licenses?
CA Sales Rep: Oh, our solutions work nicely with other application servers that we support too. You don't need to worry about that.
Customer (feeling a little cheated): Ok, but you're telling me I really should be paying more money to run it on WebLogic because it runs better?
CA Sales Rep (sensing he may lose the sale): Oh I didn't mean that. It just has more integrated pieces but we don't enforce that you run it on WebLogic. Our products are extremely stable on other application server platforms.

What do CA and BEA get here? A customer feeling cheated, CA trying to save the sale by cutting BEA out of it and BEA not knowing any better and losing a potential sale...not to mention gaining some negative perceptions from the customer as a result. If they had been up front about using BEA, the situation would probably be better for all (including the customer) from a relationship standpoint...but it would cost more. So, if you're a CA Sales Rep, what do you do? More than likely, you don't put it in your quote!

If you turn the tables and look at what BEA would do from a sales standpoint, they would probably do the same thing. Say that they work best with CA if a customer wants identity management, but that they could easily run another vendor's product (assuming the other vendor supports WebLogic). The BEA sales rep doesn't care - they just want the sales revenue.

The ONLY way this is going to work is if BEA chooses to ONLY support CA as a vendor (in this space) and CA chooses to ONLY support running their software on WebLogic. I really don't see this happening from a business standpoint. It would limit their routes to market and seriously handcuff their sales force. There are probably sales incentives in place to try to make this work, but if you're a sales rep and had to choose between having a 25% chance of a sale involving CA and BEA but gave you more commission and a 50% chance of a sale which didn't include the other vendor and gave you a little less commission, which would you pick? Almost all sales reps would go with option 2!

Another area of focus for this partnership involves engineering and development. The press release states:
"The two companies plan to validate and further extend integration between CA SiteMinder and BEA WebLogic and AquaLogic technologies, while also collaborating on identity and access management standards."

All this means is that they'll have regular calls, meetings and group hugs. They'll share a few APIs around and that'll be it. Sure, some APIs shared are probably not public APIs, but anyone with a decompiler can figure out what these are. They may get some priority support when they can't figure something out and will be able to have access to the guys who know what they're talking about in the engineering teams. But ultimately, these are still 2 different companies. The "open the doors, lift up the kimono" policies only go so far. The "super secret" stuff and strategic discussions will not go beyond company walls. So CA and BEA will simply treat each other like they do other ISVs. The difference is that they probably have a secret "Bat Phone" where they can call each other. That's about it.

The last area of focus is apparently on sales and marketing where they will:
"Implement marketing and sales programs to communicate the value proposition of their joint solutions to current and prospective customers and proactively team together on customer opportunities."

It sounds like someone in marketing wrote that statement alright. It means nothing. Ok so CA and BEA will throw some money in the pool and pay some agency to come up with something for them jointly? As for their ability to proactively team on customer opportunities, I think I've already outlined earlier in this post how that will go.

And to finally prove to everyone exactly why this won't work, they had someone from legal go through the press release and add this gem to the end of the statement:

"Some of the statements in this press release are forward-looking, including the statements regarding the plans, goals, completion, implementation, benefits, and details of the relationship between BEA and CA; the companies' further investment in development efforts, product delivery, validation and extension of products and other goals related to this relationship; and the ability of BEA's and CA's partnership to reduce customer costs and improve customer performance. Actual results could differ materially from those expressed in any forward-looking statements."

Way to instill confidence in the market guys...especially while you're trying to convince everyone this will work. If you're not sure if it'll work, why announce it? Why not go behind closed doors and nut it all sound joint marketing and sales calls and see how it works? Don't announce something and then shove a disclaimer in there that says "hey, don't sue us if it doesn't pan out. Even we're not sure if it'll pan out."

Even within companies that own all the technology involved, these issues I've mentioned above happen. The difference is that someone in a position of power within the company can sort the issues out. I worked for IBM...I know what can happen. But I also know that higher powers that be can usually fix the politics...even if the sales guys aren't happy about it. It's usually about what makes the customer happy. If it means some sales guys aren't happy, so be it. I mention IBM because if we're talking about Identity and Access Management suites and Application Server/SOA technologies working together, IBM has Tivoli and WebSphere. Similarly, Oracle has their Identity and Access Management suite and the Oracle Application Server. The story also rings true for Sun.

This may be CA and BEA trying to catch up to the pack that is IBM, Oracle and Sun. That's the only thing that makes sense. CA doesn't have a footprint in the SOA/application space. BEA doesn't do Identity and Access Management. The pieces fit if you take a 100,000 foot view. Analysing it further however, the picture is not so rosy.

If CA and BEA want to make this work properly, one of them has to buy the other one. Hey, it makes sense doesn't it? They each have the pieces that the other is missing. Is this where they're headed? Is this announcement a prelude of things to come? Wouldn't surprise me one bit in the acquisition hungry technology world of today.

No comments: